• WEP2 is a stopgap enhancement to WEP, implementable on some (not all) hardware not able to handle WPA/WPA2, based on:
    - Enlarged IV value.
    - Enforced 128-bit encryption.
• WEP2 remains vulnerable to known WEP attacks.
• Keystream for the corresponding IV is obtained.
• 1500 bytes for each of the 2^24 possible IVs.
• 24 GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext.

• WEPplus is also known as WEP+.
• WEPplus enhances WEP security by avoiding "weak IVs".
• It is only completely effective when WEPplus is used at both ends of the wireless connection.
• This remains a serious limitation.

• WPA uses the Temporal Key Integrity Protocol (TKIP) to address the encryption weaknesses of WEP.
• A key component of WPA is built-in authentication, which WEP does not offer.
• WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

• One variation of WPA is called WPA-PSK.
• To use WPA-PSK, a person sets a static key or "passphrase" as with WEP.
• By using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.
• WPA uses the RC4 cipher.
• Keys are rotated frequently, and the packet counter prevents packet replay or packet re-injection attacks.

• WPA2 (Wi-Fi Protected Access 2) gives wireless networks both confidentiality and data integrity.
• The Layer 2-based WPA2 better protects the network.
• WPA2 uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol).
• CCMP is based on the Advanced Encryption Standard (AES).
• AES is a stronger algorithm than RC4.

• Traffic Analysis
• Passive Eavesdropping
• Active Eavesdropping
• Unauthorized Access
• Session Hijacking
• Replay
• Denial of Service (DoS)

Traffic analysis allows the attacker to obtain three forms of information:
    - The attacker can make a preliminary identification that there is activity on the network.
    - The identification and physical location of the Wireless Access Point (AP).
    - The type of protocol being used during the transmission.

Passive Eavesdropping allows the attacker to obtain two
forms of information.


Active eavesdropping allows the attacker to inject data into the communication in order to decipher the payload.
Active eavesdropping can take two forms:
    - The attacker can modify the packet.
    - The attacker can inject a complete packet into the data.
WEP uses only a CRC to check the integrity of the data in the packet.
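
Why a CRC alone does not catch deliberate modification, as an added example that is not part of the original slides. Assumptions: SHAKE-256 stands in for the RC4 keystream, truncated HMAC-SHA256 stands in for a keyed integrity check such as the CBC-MAC in CCMP, and all keys, IVs and payloads are constructed sample values.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(seed: bytes, n: int) -> bytes:
    # Assumption: SHAKE-256 stands in for RC4; only the XOR structure matters here.
    return hashlib.shake_256(seed).digest(n)

def crc_tag(payload: bytes) -> bytes:
    # WEP-style integrity value: unkeyed CRC-32 of the plaintext.
    return zlib.crc32(payload).to_bytes(4, "little")

def mac_tag(payload: bytes, mac_key: bytes = b"constructed-mac-key") -> bytes:
    # Keyed check (HMAC-SHA256 truncated to 8 bytes), a stand-in for a real MIC.
    return hmac.new(mac_key, payload, hashlib.sha256).digest()[:8]

def seal(key, iv, payload, tag_fn):
    body = payload + tag_fn(payload)
    return xor(body, keystream(iv + key, len(body)))

def unseal(key, iv, frame, tag_fn, tag_len):
    body = xor(frame, keystream(iv + key, len(frame)))
    payload, tag = body[:-tag_len], body[-tag_len:]
    return payload if hmac.compare_digest(tag, tag_fn(payload)) else None

def modify_in_transit(frame, delta, tag_len):
    # No key is used. CRC-32 is affine over XOR:
    #   crc(p ^ d) = crc(p) ^ crc(d) ^ crc(00...0)
    # so the matching change to an encrypted CRC follows from delta alone.
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return xor(frame, delta + fix.to_bytes(4, "little").ljust(tag_len, b"\0"))

def compare_integrity_checks():
    key, iv = b"constructed-key", b"\x00\x00\x01"   # constructed sample values
    sent = b"amount=0010;to=alice"                   # constructed sample payload
    delta = xor(sent, b"amount=9910;to=alice")       # bits changed in transit
    results = {}
    for name, tag_fn, tag_len in (("crc", crc_tag, 4), ("mac", mac_tag, 8)):
        frame = seal(key, iv, sent, tag_fn)
        assert unseal(key, iv, frame, tag_fn, tag_len) == sent
        changed = modify_in_transit(frame, delta, tag_len)
        results[name] = unseal(key, iv, changed, tag_fn, tag_len)
    return results

if __name__ == "__main__":
    print(compare_integrity_checks())
```

The receiver accepts the altered frame under the CRC check and rejects it under the keyed check, which is the gap the integrity protection in WPA and WPA2 closes.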

Due to the physical properties of the WLAN, the attacker will always have access to the wireless components of the network.
If the attacker succeeds in gaining unauthorized access to the network by using a brute force attack, man in the middle or denial of service attack, the attacker can use all of the network's services.

HostAP
WEPWedgie
AirSnarf
SMAC
NetStumbler
Aircrack
Kismet
Aircrack-ng
Wellenreiter
WepAttack
THC-RUT
Ethereal
AirSnort
WEPCrack
coWPAtty